
Port scanning attacks!

Itprotj

New Member
Since the other thread is resolved I have come across another issue I am having troubles with!

So it started back about a month ago when a computer on my network started port scanning my PC. Fair enough, I went to the computer that was port scanning and located the virus and deleted it. Issue went away for about a month but has come back and won't leave my internet and my computer alone!
Only way I know is that it shows up on my NOD32 Firewall saying there's a port scanning attack blocked coming from the other computer. I have run AntiVir & NOD32 Virus scanner on the infected PC but neither find and delete the virus, so is there any scanner that specialises in finding the source of the problems and removing it? I'm still pretty stumped that two pretty decent AVs couldn't pick it up... What should I do?
Oh and every time it attempts to port scan my PC it interferes with my latency in game :(

[Attached image: portscan.jpg]
 
On the scanning machine you may try using
Code:
netstat -bn

and locate the target IP; you will see the process that is causing the issue below the found connection.
 
Maybe I should run Hijack this? I've heard it to be a good program to locate processes running..

The log presented a few uTorrent lines, one opera line & a strange line stating it had established a connection to my network IP but "Could not obtain ownership information" -,-

EDIT: I also see
Windows Sockets initialization failed: 5
With a few random IPs there.
 
Reboot both PCs, simple as I guess.

That won't help since it's most likely a virus of some sort and will start at boot.


If you post the output of the command I told you to run, I might be able to help you locate the process. Also try booting the attacker in safe mode to see if the attack persists.
 
The PC is a media centre computer so I can't afford just to leave it in safe mode for a long period of time..

Infected PC: 192.168.1.10
My PC: 192.168.1.3

Active Connections

Proto Local Address Foreign Address State
TCP 192.168.1.10:445 192.168.1.3:53140 ESTABLISHED

Can not obtain ownership information

x: Windows Sockets initialization failed: 5
TCP 192.168.1.10:25766 76.179.210.220:54976 TIME_WAIT
TCP 192.168.1.10:25766 203.153.201.8:61029 TIME_WAIT
TCP 192.168.1.10:25766 218.186.33.213:3954 TIME_WAIT
TCP 192.168.1.10:49267 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:49544 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:49582 118.214.190.33:80 CLOSE_WAIT
[uTorrent.exe]
TCP 192.168.1.10:50727 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:51583 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:51642 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:52321 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:52643 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:52797 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:52870 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:52960 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:53133 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:53289 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:53773 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:53910 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:54226 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:54282 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:54375 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:54463 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:54755 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:55218 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:55273 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:55334 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:55432 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:55979 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56044 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56067 89.202.157.226:80 TIME_WAIT
TCP 192.168.1.10:56148 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56256 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56682 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56737 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56879 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:56945 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:57048 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:57568 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:57639 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:57715 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:59850 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60029 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60229 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60365 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60418 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60553 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60655 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:60757 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61320 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61377 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61505 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61666 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61823 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:61933 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:62030 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:62216 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:62326 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:62471 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:62951 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:63056 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:63262 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:63546 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]
TCP 192.168.1.10:65434 195.94.220.42:44895 FIN_WAIT_1
[uTorrent.exe]

As I say this my PC is still blocking port scan attacks, happening a couple of times per hour and slowing down my connection each time it happens.

EDIT: Oh and the infected PC always uses the port 5355 to port scan attack my PC if that helps.
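
Added example, not part of the original thread: a Python parser for the `netstat -bn` layout pasted above. It pairs each connection row with the owner line printed under it, then lists the rows that point at a given peer and the ones netstat could not attribute to an executable. The sample text is constructed and the function names are illustrative.

```python
import re

# Constructed sample in the layout `netstat -bn` prints; not the poster's data.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:445       192.168.1.3:53140      ESTABLISHED
 Can not obtain ownership information
  TCP    192.168.1.10:25766     203.0.113.8:61029      TIME_WAIT
  TCP    192.168.1.10:49267     198.51.100.42:44895    FIN_WAIT_1
 [uTorrent.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
NO_OWNER = "Can not obtain ownership information"

def parse_netstat_bn(text):
    """Pair each connection row with the owner line netstat prints below it."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, laddr, lport, raddr, rport, state = m.groups()
            conns.append({"proto": proto, "local": (laddr, int(lport)),
                          "remote": (raddr, rport), "state": state,
                          "owner": None})  # stays None if no owner line follows
        elif conns and conns[-1]["owner"] is None:
            o = OWNER.match(line)
            if o:  # "[name.exe]"; component lines such as "RpcSs" are skipped
                conns[-1]["owner"] = o.group(1)
            elif NO_OWNER in line:
                conns[-1]["owner"] = "UNKNOWN"
    return conns

def connections_to(conns, peer_ip):
    """Rows whose foreign address is peer_ip (the machine raising the alert)."""
    return [c for c in conns if c["remote"][0] == peer_ip]

def needs_followup(conns):
    """Rows netstat could not attribute, ignoring ownerless TIME_WAIT sockets."""
    return [c for c in conns
            if c["owner"] == "UNKNOWN"
            or (c["owner"] is None and c["state"] not in ("TIME_WAIT", ""))]
```

Rows reported as UNKNOWN can be re-checked from an elevated prompt with `netstat -ano`, which prints the owning PID for each connection.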
 
Did a bit of research and you might be infected with some form of trojan backdoor, apparently Kaspersky might be able to clean it.

Have you tried testing in safe mode if the scanner starts?
 
Will the Kaspersky online virus scanner be good enough to scan the infected PC?
http://www.kaspersky.com/virusscanner

If so I'll scan the PC with that tomorrow... And if that doesn't work I'll try in safe mode.

EDIT: Should I just download a trial version of it to scan? Online scan doesn't seem to support removal of any malware detected.
 